Hi,
I am conducting a survey and would like to know what the standard tools
in your toolkit are. I know that there is far more to a pen test than
tools alone, but for this survey I am focusing on the tools alone.
Consider this hypothetical situation: You are hired to conduct a
penetration test on a small company's network. You have no details of
the network itself, but you have just been told what to do and been
given permission to do so. Unknown to you, there is a NAT router with an
SPI firewall, behind which are a set of workgrouped computers - mostly
Windows XP, but two of them are running SUSE Linux 10.0. The router also
has a DMZ setup to port 80 to one of the workgrouped computers, which is
a SUSE box running an Apache webserver with PHP and MySQL as well.
Therefore, my question is: what tools would you use to discover this,
and what tools would you then use to determine the vulnerabilities and
attempt to exploit them?
Here are my main ones:
- nmap
- nessus
- hping
- nikto
- E-Or (came across this recently - quite good)
- metasploit
Knowledge of SQL queries and other programming languages do not count as
tools ;)
Thanks,
J_K9
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
